https://www.startpage.com search for https://ipleak.net clicked on Proxy and it shows this Which is correct, but why is it doing that ? Startpage "might" reveal even more, if you have JavaScript etc etc enabled ? I didn't & nothing else was revealed. Test it yourself & see, & post with your results.
I got the same results with both Edge and 360 Extreme Explorer (Chrome): I have Javasript enabled in both browsers (I never disable it), but ipleak thought I had it disabled. So clearly, the information it shows is coming from the proxy and not your own PC.
Yes, it's leaking my User Agent: "Mozilla/5.0 ... Linux i686 ... Gecko/20091221 Firefox/49.0". https://www.browserleaks.com/whois shows the same User Agent. https://www.browserleaks.com/webgl says "WebGL is blocked by NoScript". https://www.browserleaks.com/webrtc says that WebRTC is not enabled. https://www.browserleaks.com/javascript says "JavaScript Disabled"
Startpage is not actually leaking anything. You are making https connect throught proxy and it shows your real UA no matter if JavaScript is enabled or not. By definion, https proxies are not allowed to touch the content of http metadata but should forward your stuff as is. Of course, if you have UA spoofing enabled and *still* somehow gotted your real UA shown then it would get interesting ... As a side remark, startpage *is* picky if you send it empty UA or at least it was ....
The Startpage proxy doesn't simply tunnel your traffic. It sits in the middle, altering page/links and stripping some things out. Or is supposed to. For some representations: https://www.startpage.com/proxy/eng/help.html Neither https://ipleak.net nor https://www.browserleaks.com/whois reflect my User-Agent when accessed through the StartPage proxy (actually ixquick-proxy.com). Theoretically, it could depend on what proxy server you are hitting and/or other things. In an effort to retrieve and serve something suited for a User-Agent they might make some choices. Someone affected and able to reproduce meaningful results could contact them. I'd suggest testing with a few different User-Agent strings first, just to firm up what is going on.
Well, as interesting as all this may be, I must say that relying on StartPage proxy to meaningfully hide anything is rather silly
Using Startpage proxy doesn't reveal my correct UA whether JavaScript is enabled or disabled on ipleak.net. Browserleaks.com site is showing untrusted connection. (uses invalid security certificate)
You are right. If they are able to strip/alter page contents then it's not true HTTPS proxy but something else entirely. Anyway, I tested https://ipleak.net it and it gives me "Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.9 (KHTML, like Gecko) Chrome/53.0Safari/532.9" as UA and then tested https://www.browserleaks.com/whois that gives "Mozilla/5.0 (Windows; U; Windows NT 5.2; rv:1.9.2) Gecko/20100101 Firefox/3.6" as UA. Both tests showed the same proxy IP. Neither was my real UA. So their spoofing thingy seems to work for me too.